High severity · 7.5 · NVD Advisory · Published May 31, 2018 · Updated Jun 17, 2026
CVE-2016-10539
Description
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks, including Express and Koa. The "Accept-Language" header, when parsed by negotiator 0.6.0 and earlier, is vulnerable to Regular Expression Denial of Service via a specially crafted string.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| negotiator (npm) | < 0.6.1 | 0.6.1 |
Affected products
- HackerOne/negotiator node module · v5 · Range: <= 0.6.0
References
- github.com/advisories/GHSA-7mc5-chhp-fmc3 (ghsa: ADVISORY)
- nodesecurity.io/advisories/106 (nvd: Third Party Advisory)
- nvd.nist.gov/vuln/detail/CVE-2016-10539 (ghsa: ADVISORY)
- www.npmjs.com/advisories/106 (ghsa: WEB)